Security News > 2021 > January > CISA Issues Advisory for High-Severity Vulnerabilities in Fuji Electric HMI Products
The U.S. Cybersecurity and Infrastructure Security Agency this week released an advisory to inform industrial organizations that some SCADA/HMI products made by Japanese electrical equipment company Fuji Electric are affected by potentially serious vulnerabilities.
The vulnerabilities, reported to Fuji Electric by various researchers through Trend Micro's Zero Day Initiative and CISA, have been described as buffer overflow, out-of-bounds read/write and uninitialized pointer issues that can be exploited for arbitrary code execution.
According to CISA, the vulnerabilities affect Tellus Lite V-Simulator and V-Server Lite versions prior to 4.0.10.0, which should patch the flaws.
Learn more about vulnerabilities in industrial systems at SecurityWeek's ICS Cyber Security Conference and SecurityWeek's Security Summits virtual event series.
It's worth noting that ZDI published advisories for some of these vulnerabilities in September 2020, after the vendor failed to release patches within a 120-day deadline.
ZDI will likely soon also make public the advisories describing the remaining vulnerabilities.